Information Systems Security Manager (ISSM) - Marine Corps ...
Information Systems Security Manager (ISSM) - Marine Corps ...
Information Systems Security Manager (ISSM) - Marine Corps ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
NAVSO P-5239-04SEPTEMBER 19953.7 Auditing<strong>Security</strong>-related weaknesses of the IS must be identified and eliminated. Monitoringthe security activities of the IS and conducting an audit of security-related activity on the IShelps identify the weaknesses. This section describes the <strong>ISSM</strong>’s roles in monitoring securityactivities on the IS.ResponsibilityThe <strong>ISSM</strong> is responsible for ensuring that IS transactions areeffectively audited and that audit trails are regularly reviewedby the ISSO or NSO responsible for the IS or network underthe cognizance of the <strong>ISSM</strong>.ImplementationAudit ProceduresAuditing allows the <strong>ISSM</strong> to monitor security-related activitieson the IS and to evaluate risks and vulnerabilities. The <strong>ISSM</strong>ensures that:· Appropriate security events to be audited are selected· A reasonable and appropriate audit schedule ismaintained· Audit activities do not adversely affect IS functions· Audit activities comply with other site-specific securityprocedures and requirements· All occurrences of warning messages are investigated· Audit trail data is protected.Audit TrailThe audit trail is the product of audit activities. It provide s arecord of all security-related activities (e.g., access of classifiedinformation, logons, and logoffs). The <strong>ISSM</strong> reviews audittrailson a periodic basis. These reviews focus on:· Identifying streamlined methods for collecting auditinformation· Ensuring that audit trail reviews by the ISSOs are used todevelop accurate IS use patterns and user access reports .32